CN113826095A - Single click login process - Google Patents


Info

Publication number
CN113826095A
Authority
CN
China
Prior art keywords
user
login
software application
computing device
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202080027059.3A
Other languages
Chinese (zh)
Inventor
P·维拉什
R·洛拉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Medithers Dados De Saud Ag
Original Assignee
Medithers Dados De Saud Ag

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115 Third party
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2139 Recurrent verification

Abstract

A method and apparatus are presented for securely logging a computer user into a computer system via an anonymous identifier, thereby eliminating the use of a username and password and requiring only a single click or touch of the user to log into the computer. The anonymous identifier uniquely identifies the user and may be used as an encryption key.

Description

Single click login process
Technical Field
The present application is in the field of secure identification of computer users when logging into a computer system by means of anonymous identifiers.
Background
Logging into a computer network (the process whereby a user at a client computer is identified by a server computer and granted access) is almost universally accomplished by typing a username and password into a software application or operating system via a user key. This requires a registration process in which the user enters a name, personal identification data and preferences, a selected username (typically public and typically associated with the person's name), and a user-defined, user-remembered password (known only to the user and the host computer). The registration process takes place in a computer or computer terminal, and the username and password are recorded by the host computer. During use, access is granted to the user by the host computer matching the data string entered by the user in the appropriate username and password fields with the corresponding username and password (in plaintext or some encrypted or hashed form) recorded at the time of user registration.
However, the proliferation of computer user accounts has led to problems that are characteristic of the internet. Whereas in the past users typically had one school or work computer account, today users sometimes need to manage dozens of school or work computer accounts, and the process is made more difficult because many host computers require users to change their passwords frequently. This results in insecure behavior, such as writing down one's password. Remembering all passwords at the time of use is difficult, and this difficulty can lead to less secure behavior.
Furthermore, in most computer systems that use a username and password based user login, the system administrator has access to the user's password in order to reset it, if necessary. This means that the system administrator has the opportunity to reset the password of the username to a new value and log in as the user, potentially performing unauthorized or illegal operations under the unsuspecting user's identity. A password reset process that bypasses the system administrator by sending a password reset link to the user's email address is more secure, but requires the host computer to know the identity of the user. There are other ways to enhance security, such as giving the user an electronic device that generates a code associated with the current time and asking them to enter the session code after the username and password. Such systems are cumbersome and expensive, requiring each host computer to access a new electronic device. Recently, smartphones have begun to function as session code generators, with a greater advantage than dedicated devices, but this still requires each application server to make its specific login software application available to each computer user, resulting in application clutter in smartphones.
Furthermore, there is an increasing concern over the unauthorized or unapproved use of personal data. Computer systems that typically require a user to reveal their identity via their well-known username and then confirm their identity using an inherently insecure password, which can be changed without the user's immediate knowledge, are highly inadequate for protecting personal data.
Clearly, there is a need for a new secure login system that can address all of the above issues, and this should be done by eliminating the username/password approach altogether. This is particularly desirable in computer systems that process very sensitive data such as, for example, health, biometric, genetic, ethnic, financial, property, asset, tax, voting, purchase, and transaction history data. It would be particularly useful to manage all of this data in a manner that clearly and securely associates the data with a person, so long as the association is not by way of the person's name or a personal identifier that can be traced back to the person's name.
There are situations in the prior art where attempts are made to eliminate passwords but not usernames.
US patent 8954758 replaces the password with a user-generated gesture, which is interpreted and mathematically converted to a string of characters that is appended to the login key to form the complete login expression. In other words, it replaces the alphanumeric password with an alphanumeric password derived from points in space tracked by the human gesture, and thus still requires the host computer to store the username and full login expression.
US patent 9264423 allows password-less login by sending a prompt to a user's pre-registered communication device, such as the user's mobile phone, to accept or reject the user's login request initiated at a different computer or terminal. The response to the prompt is sent to the login rights server, which then sends the user's response to the application server to grant or deny access. This is a complex system requiring four different computers: a client device of a user, wherein a user session begins; an application server that receives a user identifier of the client through a user editable field as part of a login process for the user; a login authority server which receives a request for user authentication from an application server; and a user device, such as a mobile phone, wherein the same user receives a confirmation request from the login rights server to accept the login request and which responds positively or negatively thereto. Furthermore, the user is identified by means of a user identifier, which may be a random number or a user selection. The described method requires that the application server knows the user's name and that all four computers participate whenever there is a login attempt.
We have now devised a method and apparatus in which the login control resides on the user's personal computing device, such as a smartphone, which does not utilize a traditional username or use any kind of password or user's smartphone number or email address, but requires only the user's computer and an application server. An application server is a server to which a user wants to connect for data processing of interest. At login, the user remains anonymous to the application server or host computer and is identified only by means of an anonymous identifier.
Disclosure of Invention
The present disclosure describes a device for a user to log into an application server, designated as a personal computing device, such as a smartphone, tablet, laptop, or personal computer. A personal computing device is provided with a processor, memory, a data storage medium, a display unit, one or more input devices such as a keyboard, pointing device, camera, microphone, motion detector, etc., a communication subsystem, an operating system, a power supply, and means for executing software program instructions. The personal computing device is connected to one or more application servers, such as a mainframe computing system, a corporate server, a web server, a cloud computing system, or the like, over a communication network, such as a private network, a public network, or the internet.
An application server includes essentially the same components as a personal computing device, but its processing power, memory, and storage media will have much greater capacity, and it will have access to a communication network through much greater bandwidth to accommodate simultaneous processing by multiple users.
To verify the identity of the user and authenticate the user's personal computing device as a device under the control of the user, in one embodiment of the present disclosure, an identity verification server is used and its components and capabilities are similar to those of the application server described above.
To process data in the manner described in this disclosure, the participating computers are programmed with computer programs specifically written for the tasks described. The personal computing device includes at least a login software application, the application servers include at least a user registration software application and a login and access software application (collectively referred to as application server software applications), and the identity verification server includes at least a user identity verification software application. All software applications in each type of computer (personal computing device, identity verification server and application server) also include cryptographic software to generate at least asymmetric keys and digital signatures to ensure secure communication between all three computer systems.
In one aspect of the invention, a method is described for performing a secure user login procedure without a user-defined username or user-defined password, wherein the user's personal computing device connects to a software distribution service and a login software application is downloaded and installed into the personal computing device, wherein the login software application generates a private key and an associated public key that will also serve as an anonymous identifier for the user. In this disclosure, the public key is known only by the login software application in the personal computing device and the login and access software application in the application server. At run-time, the login software application connects to and communicates an anonymous identifier to the login and access software application in the application server, and the application server records the anonymous identifier in its user registration database through the user registration software application. Once the user registration process is complete, the user may run the login software application to request login to the application server and identify himself by means of the anonymous identifier, the login process and the user's anonymous identifier being confirmed by the login and access software application running in the application server. This occurs without the user having to enter a username or a system password, neither of which exists because neither was ever created. Similarly, this method of login between a personal computing device and an application server does not employ any kind of biometric file, fingerprint file, or facial image file stored in the application server as a password for login verification, as these elements identify the actual person too accurately, and the application server could then easily re-identify its anonymous user.
To increase security, the login software application running in the personal computing device may include a screen lock device that will be stored locally in the personal computing device and requires the user to unlock it to allow the operation of the application to continue. When the login software application has been installed and run, it requires the user to unlock the screen lock device to ensure that it is being used by an authorized user of the personal computing device. Unlocking the screen lock device may be by means of a conventional PIN number, or may be achieved by facial or fingerprint recognition, depending on the security features present in the smartphone or tablet computer. The PIN or digital representation of the user's face or fingerprint will not be sent to the application server as a system password and the personal computing device and login software application are accessed by opening the local screen lock device. Failure to open the screen lock device will prevent further use of the login software application and the login process will not be authorized by it. If the screen lock device is successfully opened, the login software application will take over the login process from the user.
In another embodiment, it is important to absolutely confirm the identity of the user so that the application server can trust user registration requests from users for whom the name identity is unknown. This requires the functionality of a separate, stand-alone user identity verification server that already contains demographic user data. The server may authenticate the identity of the user by using demographic data containing at least the user's name and contact details. This will be done only once at user registration and may allow the user to enter user preferences, including consent to the application server to use the user's personal data and other legal procedures. In this case, the user will enter a name, and possibly all personal identifiers needed to facilitate their positive identification, such as name, date of birth, sex, address, zip code, and official identification codes, such as citizen's ID number, passport number, etc. Advantageously, such data may be obtained by using the personal computing device to photograph the user's ID card or driver's license, and using character recognition software therein to automatically and reliably obtain the data of interest. The login software application in the personal computing device then sends the name and personal identifiers to the user identity verification server, which uses these personal identifiers to search its database for the personal record of the particular person and, when one is found, reads the known cell phone number or email address of that person. Useful identity verification servers include official government databases of national identity cards or driver's license departments, and user databases of cell phone operators or banks.
Once a match between the received personal identifiers and a personal record in its database is found, the user identity verification server sends a short message to the user's known mobile phone number, an email to his known mail account, or any other kind of electronic message, prompting the user to confirm in response that he is aware of and responsible for the new user registration process being performed. Upon receiving a positive response, the identity of the user is confirmed, the user's personal computing device is authenticated as the user's login and access device, and the identity verification software application in the identity verification server sends a command to the login software application authorizing it to end its installation in the personal computing device and become operational. In this authentication process, the user login software application need only contact the identity verification server once; the user identity verification software application verifies the user identity and authenticates the login software application and the personal computing device together as the user's login and access device.
The authentication process validates the user's personal computing device as a valid login and access device, and the login into the application server will be performed only by the login software application in the personal computing device without any other user intervention. Other processes may be used to positively confirm the identity of the user, such as sending a confirmation code by post to the user's known address, which the user would have to type into the login software application to end its installation, or even having the user present in person at a verification center for in-person confirmation. A state-provided secure identity authentication method is also useful.
In one embodiment, the anonymous identifier will be transmitted to the identity verification server in encrypted form and recorded with the user's name and personal identifiers. In this case, the identity verification server may be used to re-identify the user if this is later legitimately required.
It will be noted that when attempting to subsequently log into the application server, in most embodiments the login software application will not transmit a username, personal identifier or password, or any element that can be used to recover the known identity of the user. This is useful in the processing of valuable but sensitive personal data, where the data needs to be obtained without being able to identify the user by name and without receiving any personal identifier that would allow the user to be re-identified.
During the installation process, the cryptographic key software program contained in the logon software application in the personal computing device generates a pair of cryptographic keys using the known method developed by Rivest, Shamir and Adleman (RSA), or more preferably, the known method of the Elliptic Curve Digital Signature Algorithm (ECDSA) (two asymmetric cryptographic methods). Each pair of cryptographic keys comprises a private key and a public key, and their use is well known in the cryptographic community, and they are referred to hereinafter as cryptographic keys or private keys and public keys. Conveniently, the public key will be used as an anonymous identifier for the user and will only be used for login purposes for the application server of interest. In practice, several pairs of encryption keys may be generated, as many as are required to log into different application servers of interest, so that each public key/anonymous identifier may be used to log into only one application server. Although described as "public," it will be noted that, in practice, the user's public key will only be known to the login and access software application in the application server and the login software application in the personal computing device, and will remain confidential to all other parties, including the user. This is an added security feature because the login process can only be initiated in the personal computing device of the user who installed the login software application. In this manner, the public key/anonymous identifier is a valid, confidential identifier of the user operating the personal computing device that generated the cryptographic keys, and is used to securely log into the application server of interest to the exclusion of a conventional user-defined username and password. However, it is not essential that the anonymous identifier be the same as the cryptographic public key, and indeed it may be any other sufficiently complex number.
In addition to the user, the identity verification server and the application server may also use software to generate their own cryptographic key pair to securely communicate with the user's login software application.
When not a cryptographic public key, the anonymous identifier may be any randomly generated number similar in length and complexity to the anonymous identifier generated as a public key as described above.
A necessary feature of the public key/anonymous identifier is that it needs to be as close to unique as possible. The private cryptographic key will be generated by a suitable cryptographic software program included in the login software application, which will calculate the associated public key. A private key of at least 10 digits (and an associated public key of the same or similar length) can assign a single number to each person on the planet, but is too short to ensure that two persons will not receive the same number in the random number generation process. A number of at least 100 digits will provide a significant increase in the number space and a consequent reduction in the probability that two different people are assigned the same random number, while a number of 1000 or more digits will give even better security. In the current implementation of the method disclosed herein, a 20 byte hexadecimal code is used that represents 40 characters, and the hash number can be as long as 2048 bytes. As faster computers evolve, the complexity of these numbers may increase in the future. While the anonymous identifier may be considered a username or password, it is neither user-defined, nor user-memorable, nor user-input. Its length and lack of meaning will make it almost impossible for a user to easily copy or remember it, even if it were easily accessible to the user, but it remains hidden within the login software application in the user's personal computing device.
This login procedure, using a public key or a random number as an anonymous identifier, allows the application server to treat the identifier, when sent by the login software application to the login and access software application in the application server, as a valid and sufficient means to grant the user login access to the application server.
The actual length of the anonymous identifier will be determined by best practices in system implementation, as well as continued use of the RSA or ECDSA systems or newer systems that are more secure against unauthorized use or destruction.
A method of ensuring that an anonymous identifier is unique and not already in use (unlikely but not impossible) comprises the step of the identity verification server searching its user registration database of anonymous identifiers for an exact match with the received anonymous identifier of the new user. If a match is found, the identity verification software application in the identity verification server will issue and transmit a command to the login software application to generate a new private key or a new random number, thereby generating a new public key/anonymous identifier. The identity verification server will indicate that the installation of the login software application is complete only once it has verified that the new anonymous identifier is unique.
Logging on to a computer system and application server using the methods of the present application allows a user to initiate a login and access process by a single click or touch in their login software application, which will trigger the transmission of an anonymous identifier to the login and access software application in the application server, and which in turn grants login access based only on the received anonymous identifier.
These operational and design features make a personal computing device that includes a login software application and an anonymous identifier a login device. Rather than the user logging in, the personal computing device does so under the control of the user. This feature is independent of whether the identity verification server is used to confirm the identity of the user.
For higher security, a digital signature may be used. Digital signatures are mathematical schemes used to verify the authenticity of a digital message or document. A valid digital signature gives the recipient reason to believe that the message was created by a known sender (the user is authenticated), that the sender cannot repudiate the sent message (the user cannot deny it) and that the message was not altered in transit (its integrity is verifiable). Known digital signature methods include RSA-based signatures, DSA (digital signature algorithm) signatures, and other methods, and they employ a randomly generated private key and an associated public key. Here, the pair of keys may be the same as the keys generated above when generating the anonymous identifier. In one embodiment of the present disclosure, the logon software application comprises digital signing software and generates an array of bytes that will be its digital signature, computed using known mathematical processing of the user's private key applied to the content of the message to be signed. Here, the content of the message to be signed is the public key/anonymous identifier of the user. The digital signature and the message itself are transmitted to an identity verification server or application server whenever it is required to verify that the message did originate in the login software application or any other user software application in the user's personal computing device.
The recipient can convert the received digital signature back into a message containing the user's public key, read the digital signature and compare it to the content of the received message itself. If there is a match, the recipient authenticates the user. Similarly, the identity verification server may digitally sign its command for the installation of the login software application to end successfully in the user's personal computing device, by digitally signing a message using the identity verification server's private key, where the signed message is the user's public key/anonymous identifier. In this embodiment, installation of the login software application continues and successfully ends in the personal computing device only upon receipt of the digitally signed message.
Once the installation of the login software application is successfully completed, the user may use it to contact an application server known to the login software application and initiate a user registration process. Digital signatures are useful here, especially those generated by identity verification servers, because when transmitted to an application server they guarantee that a user exists whose name identity has been confirmed, that the anonymous identifier is a valid identifier of an unknown but still authenticated individual, and that the verification process was performed by a known identity verification server. With these guarantees, the user registration software application in the application server can record the user under the anonymous identifier of the user in its user registration database.
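The registration and signed-login exchange described above, written out in Go as an added example; it is not code from the patent or from any product of the applicant. The identifier encoding (hex of the DER-encoded public key), the `Device` and `Server` types, and the `Challenge`/`LoginChallenge` variant are assumptions of this example: the description signs the identifier itself, a message that is the same at every login, so the variant has the server supply a fresh value to be signed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// Device stands in for the login software application. ID is the anonymous
// identifier: hex of the DER-encoded public key (encoding assumed here).
type Device struct {
	priv *ecdsa.PrivateKey
	ID   string
}

func NewDevice() (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return &Device{priv: priv, ID: hex.EncodeToString(der)}, err
}

// Sign returns an ECDSA signature over SHA-256(msg).
func (d *Device) Sign(msg []byte) ([]byte, error) {
	sum := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, d.priv, sum[:])
}

// verify checks sig over msg with the public key carried in the identifier.
func verify(id string, msg, sig []byte) bool {
	der, decErr := hex.DecodeString(id)
	key, parseErr := x509.ParsePKIXPublicKey(der)
	pub, ok := key.(*ecdsa.PublicKey)
	if decErr != nil || parseErr != nil || !ok {
		return false
	}
	sum := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, sum[:], sig)
}

var ErrDuplicate = errors.New("anonymous identifier already registered")

// Server stands in for the application server software applications.
type Server struct {
	users   map[string]bool   // user registration database
	pending map[string][]byte // outstanding challenge per identifier
}

func NewServer() *Server {
	return &Server{users: map[string]bool{}, pending: map[string][]byte{}}
}

// Register runs the exact-match uniqueness search, then checks the signature.
func (s *Server) Register(id string, sig []byte) error {
	if s.users[id] {
		return ErrDuplicate // device must generate a new key pair
	}
	if !verify(id, []byte(id), sig) {
		return errors.New("signature does not match identifier")
	}
	s.users[id] = true
	return nil
}

// LoginStatic follows the description: the signed message is the identifier.
func (s *Server) LoginStatic(id string, sig []byte) bool {
	return s.users[id] && verify(id, []byte(id), sig)
}

// Challenge issues a fresh random value for one login attempt (added here).
func (s *Server) Challenge(id string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[id] = nonce
	return nonce, nil
}

// LoginChallenge accepts one signature over identifier||nonce per challenge.
func (s *Server) LoginChallenge(id string, sig []byte) bool {
	nonce, ok := s.pending[id]
	delete(s.pending, id) // single use, whatever the outcome
	return ok && s.users[id] && verify(id, append([]byte(id), nonce...), sig)
}

func main() {
	dev, _ := NewDevice()
	srv := NewServer()
	sig, _ := dev.Sign([]byte(dev.ID))
	fmt.Println(srv.Register(dev.ID, sig), srv.LoginStatic(dev.ID, sig))
}
```

`LoginStatic` accepts the same identifier and signature pair on every call, whereas a `LoginChallenge` response is accepted once and fails against any later challenge.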
It will be appreciated that while the login process is anonymous, the anonymous identifier is a unique code for the individual and resides in a personal computing device that may otherwise have been authenticated by the identity verification server as being under the control of the individual. Anonymous identifiers are difficult to copy, hack or penetrate, making the disclosed method a very secure login process. It will be noted that the login software application may be included in any other software application for which the provider wishes to use the functionality of the login device and method described in the present disclosure.
Thus, when an application server receives an incoming login request originating from a login software application, where the identity of a user has been confirmed and authenticated by an identity verification server, the application server may grant access to the login request based only on the anonymous identifier of the user and provide a level of application functionality and security commensurate with the person for whom the user is authenticated but unknown. This is the case when the application server handles sensitive personal data.
If the identity of the user has not been confirmed by the identity verification server, the application server may still grant access to the login request based only on the anonymous identifier of the user, and this is appropriate where absolute certainty of the user's nominal identity is not required. This is the case when the application server seeks to track a user's habits, access, preferences or selections and the user is willing to share that information.
Insofar as the login procedure described in this disclosure can be used not only to open a user session in the server computer but also every time there is an exchange of information between the client and the server, thereby continuously verifying the anonymous identity of the user, it can be regarded as a continuous access verification procedure; the term login procedure should therefore be understood to also include a continuous access verification procedure.
In another aspect, a non-transitory computer-readable storage medium is described. The computer-readable medium includes computer-executable instructions that, when executed, configure a processor of a personal computing device to connect to a software distribution service and download and install a login software application into the personal computing device and generate an anonymous identifier, and then execute the login software application that transmits the anonymous identifier to an application server. Further instructions also configure the processor of the application server to receive the anonymous identifier and record it in its user registration database. When a user logs into an application server using a login software application by transmitting its anonymous identifier, a processor of the application server is configured to process the received anonymous identifier to attempt to match the anonymous identifier with one of the entries in its user registration database, and finally grant the login software application and the user access to the application server.
In use, the login and access method of the present disclosure provides a more convenient and practical way to log in to a computer, and it does not reduce security but actually enhances it relative to prior art methods. By automating the process and placing it in the user's personal computing device, the user is no longer required to remember or write down several passwords, nor is the user required to identify himself by means of a username. This greatly reduces keying errors, wrong passwords, and accounts locked because too many incorrect passwords were entered in succession. However, the most important benefit is that the user only needs to select the application server to connect to in his login software application and successfully logs in with one single action (mouse click, finger tap or any other pointer action). Without a system password, the personal computing device takes over the process of logging in by means of an anonymous identifier. It will be noted that the method of the present disclosure differs from current password management systems in which, for each application server, the login file residing in the user's personal computing device contains one or more specific usernames and passwords defined by the user at the time of registration. In this prior art method, a personal computing device logs on to an application server of interest by sending a user-defined username and system password entered by the user.
Other exemplary embodiments of the present application will become apparent to those of ordinary skill in the art upon review of the following detailed description when taken in conjunction with the accompanying drawings.
Drawings
Fig. 1a is a block diagram of a system architecture for downloading and installing a login software application and verifying a user's identity in an identity verification server according to an example embodiment of the present disclosure.
Fig. 1b is a block diagram of a system architecture for securely logging into an application server according to an example embodiment of the present disclosure.
Fig. 2 is a block diagram of a personal computing device according to an example embodiment of the present disclosure.
Fig. 3 is a block diagram of an identity verification server according to an example embodiment of the present disclosure.
Fig. 4 is a block diagram of an application server according to an example embodiment of the present disclosure.
Fig. 5a, 5b and 5c are block diagrams of methods for digitally signing a message and for verifying that the message is valid according to example embodiments of the present disclosure.
FIG. 6 is a flow chart of a method for downloading and installing a login software application in a personal computing device according to an example embodiment of the present disclosure.
Fig. 7 is a flow diagram of a method for a personal computing device to securely log onto an application server according to an example embodiment of the present disclosure.
In the drawings, numerals refer to like elements and features throughout the specification.
Detailed Description
FIG. 1a is a block diagram of the computer architecture required to download and install the login software application of the present disclosure. This is the first step necessary to successfully install the login software application in the user's personal computing device. The login software application 100 resides in a software distribution service 105 in the internet. A user operating a personal computing device 110, such as a smartphone, tablet computer, laptop computer, or personal computer, downloads a desired login software application 100 from a software distribution service 105. The user installs the login software application 100 in his personal computing device 110 according to the method described in fig. 6.
The personal computing device 110 is connected to an identity verification server 130 via a communication network 120. The server 130 searches its user database for matching users and, when a matching user is found, confirms the identity of the user and allows continued installation of the login software application 100 according to the method described in steps 600 to 630 of figure 6.
FIG. 1b is a block diagram of an example of the computer architecture required to create a new user in the present disclosure. This is a second step in which, after the login software application 100 is installed, the user's personal computing device sends a request to register the user in the application server of interest. The user runs the login software application 100 in his personal computing device 110 to connect to the application server 140 via the communication network 120 according to the method described in steps 700 to 730 of fig. 7. The login software application 100 transmits the anonymous identifier and, if issued by the identity verification server when the optional authentication procedure is used, the identity confirmation data of the user. The application server 140 receives the user's anonymous identifier and the identity confirmation data and, upon successful authentication of the data, records the user as a valid new user in its user registration database.
Fig. 1b is also a block diagram of an example of the computer architecture required in this disclosure to initiate a new login process for a user who has registered in the user registration database 480 in the application server 140. This is a third step in which, after the new user has successfully registered, the login software application 100 in the user's personal computing device 110 sends a request to initiate a login process to the application server 140 of interest. A user runs a login software application 100 in his personal computing device 110 to connect to an application server 140 via a communication network 120 according to the method described in figure 7. The login software application 100 communicates the anonymous identifier of the user. The application server 140 receives the anonymous identifier of the user and, upon successfully authenticating it according to the method described in steps 760 to 790 of fig. 7, allows the user to log in and initiate a user session at the application server 140.
Fig. 1a and 1b depict examples of the minimal computer architecture required for the anonymous login procedure of the present application. The identity verification server 130 (if used) is used only once to verify the identity of the user and authenticate his personal computing device 110, and the personal computing device 110 will be used to connect and log into the application server 140.
In FIG. 2, an example personal computing device 110 is shown in block diagram form. In this example, personal computing device 110 has a main processor 240 that connects to different device subsystems such as communication subsystem 210, an input device 220 such as a keyboard, mouse, or touch screen, and a display 230 such as a screen. It will be appreciated that the personal computing device 110 has many other components that are not separately identified.
The communication subsystem 210 is used to connect the personal computing device 110 to other computers, such as the software distribution service 105, the identity verification server 130, and the application server 140, to manage the data exchange described in this disclosure, e.g., relating to the downloading and installation of the login software application 100, user identity verification, user registration, anonymous identification transfer, login procedure initiation and termination.
The main processor 240 is associated with at least one memory 250 that may store data and processor-executable instructions 260 that, when executed, configure the processor 240 to download the login software application 100 and generate a private key and an associated public key/anonymous identifier using a cryptographic software program 280 included in the login software application 100, following one of the RSA or ECDSA methods or an equivalent.
In fig. 3, an example identity verification server 130 is shown in block diagram form. In this example, the identity verification server 130 has a main processor 340 connected to the communication subsystem 310. It should be understood that the identity verification server 130 has many other components that are not separately identified.
The communication subsystem 310 is used to connect the identity verification server 130 to other computers, such as the personal computing device 110, to manage the data exchange described in this disclosure, such as the data exchange involved in user authentication and authentication of the personal computing device 110.
Main processor 340 is associated with at least one memory 350 that may store data and processor-executable instructions 360 that, when executed, configure processor 340 to first receive a request for identity verification from login software application 100 in the user's personal computing device 110, then perform the steps of user identity verification software application 370, and finally, if verification is successful, issue a command 380 to login software application 100 to continue and successfully end the installation.
In fig. 4, an example application server 140 is shown in block diagram form. In this example, the application server 140 is provided with a main processor 440 connected to the communication subsystem 410. It will be understood that the application server 140 has many other components that are not separately identified.
The communication subsystem 410 is used to connect the application server 140 to other computers (e.g., personal computing device 110) to manage the data exchange described in this disclosure, e.g., connecting to the personal computing device 110 and receiving the transmitted information identified with the anonymous identifier from the login software application 100.
The main processor 440 is associated with at least one memory 450 that may store data and processor-executable instructions 460 that, when executed, configure the processor 440 to first receive a request in the form of an anonymous identifier from the login software application 100 in the personal computing device 110, which is handled by the user registration software application 470 in a first connection and by the login and access software application 475 in all connections. The first connection causes the user registration software application 470 to check whether an anonymous identifier already exists and, if not, to create a new entry for it in the user registration database 480. All connections cause the login and access software application 475 to verify the validity of the anonymous identifier by matching the received anonymous identifier with the user registration database 480 containing anonymous identifiers. If the anonymous identifiers are successfully matched, the processor 440 is configured in the application server 140 to grant login access to the login software application 100 and open a user session 490.
Examples of digitally signing and verifying messages according to the method of the present disclosure are given in block diagram form in fig. 5a, 5b and 5c. The message to be signed is an anonymous identifier.
In fig. 5a, the login software application 100 in the personal computing device 110 uses its private key 500 to digitally sign a message 510 including an anonymous identifier, using a known method such as a digital signature algorithm to generate a digitally signed anonymous identifier message 520.
In fig. 5b, the login software application 100 in the personal computing device 110 transmits a digitally signed anonymous identifier message 520 and an anonymous identifier message 510 to the application server 140 using the communication network 120.
In fig. 5c, the digital signature software included in the login and access software application 475 in the application server 140 receives the digitally signed anonymous identifier message 520 and the anonymous identifier message 510, processes the digitally signed anonymous identifier message 520 using known methods (such as a digital signature algorithm) and compares the processing result with the message containing the anonymous identifier 510. If the two are equal, the application server 140 is assured that the login or access request originated from the user identified by the anonymous identifier.
In fig. 6, an example of downloading the login software application 100, verifying the identity of the user and successfully installing it in the personal computing device 110 is given in the form of a flow chart of the method of the present disclosure.
In step 600, the user operates a personal computing device 110 (such as a smartphone or tablet computer) and directs it to a software distribution service 105 (such as an application store, Google Play, or software distribution web server) and downloads the desired login software application 100. If a personal computer is used, the user accesses the software distribution web server 105 and downloads the desired login software application 100. The user initiates installation of the login software application 100 in the personal computing device 110.
During installation, the login software application 100 also requests the user to enter a code for the screen-lock device, such as a four or six digit or alphanumeric PIN, or a longer code, or an image of the face or a fingerprint, or any other means of using biometric identification functionality present in the personal computing device 110. The screen lock code and device remain in the personal computing device 110, and their digital representation will not be transmitted to an outside party, such as the identity verification server 130 or the application server 140. This is a locally stored code. This embodiment would be particularly useful in applications involving sensitive personal data processing, where it is important to protect the personal computing device 110 from unauthorized access and unauthorized use as a login device.
In other embodiments, particularly in corporate systems, the user needs to be known, and in such cases, the installation of the login software application 100 will include the user entering a name, username, personal identifier, preferences and other information of interest that may be sent at the time of user registration so that the application server 140 can identify the user as a valid member of the organization. The difference from current login systems is that the user does not generate or store a password in the corporate application server 140. In all embodiments, login will be accomplished by the user opening at least the screen lock device on the login software application 100 and selecting and clicking or touching the login button of the application server 140 of interest.
Step 610 describes aspects of an embodiment in which it is desirable to absolutely confirm the identity of the user and authenticate him to the login software application 100 and personal computing device 110. If this is not required, operation continues at step 635. When it is required, the login software application 100 connects to the identity verification server 130, which contains a volume of personal data large enough that the current new user is very likely already known and recorded in the database of the identity verification server 130. Upon receiving the user's name and personal identifier, the identity verification software application 370 in the identity verification server 130 uses the user's identity details to locate the same user in its own database. Once the user is found, the identity verification software application 370 reads contact details from the user record found, such as the user's cell phone number, email address, or any other electronic address, and sends a text message to the cell phone or an email message to the user's email account, requesting the holder to confirm his name and whether he is the originator of the new user registration process. The confirmation may be simple, such as merely clicking or touching a link displayed on the screen of the personal computing device 110. Clicking on the link sends information back to the identity verification server 130 that the user has in fact confirmed the received information on the known smartphone, tablet or computer personal computing device 110. Validation may be made more secure by including in the text message or email a numeric code that the user is then requested to enter manually into the login software application 100, a very secure process used by banks and state agencies. After the user enters his response and the login software application 100 sends the response, the login software application 100 waits for the response from the identity verification server 130.
In step 620, the identity verification software application 370 processes the responses received or not received from the user. The identity verification software application 370 may make the decision based on user input (positive or negative) or may decide negative if there is no response after a timer included in the identity verification software application 370 running in the identity verification server 130 counts a certain amount of time, such as 60 seconds.
If the user response is negative or if there is no response, then in step 625 the identity verification software application 370 sends the command for which the login software application 100 in the user's personal computing device 110 has been waiting, in this case a command to stop installation of the login software application 100 in the user's personal computing device 110.
If the user response is positive and received within the preset time, the identity verification software application 370 sends the user identity confirmation data (timestamp, confirmation number, identity verification server 130 name and address) and a command to allow continued installation to the login software application 100 in step 630. Both are recorded by the login software application 100.
In step 635, the login software application 100 uses the cryptographic software program 280 to generate an encrypted private key and a public key/anonymous identifier for the user.
In step 640, the login software application 100 connects to the login and access software application 475 in the application server 140 and requests a new user registration process for the user identified by its anonymous identifier. After the command has been sent, the login software application 100 waits for a response from the application server 140.
In step 650, the login and access software application 475 in the application server 140 tests whether the request is from a true copy and a valid installation of the login software application 100, which is accomplished through known cryptographic methods.
If the test is unsuccessful, then in step 655 the login and access software application 475 in the application server 140 denies the request for a new user registration process and sends a command to the login software application 100 to terminate its operation. If the test is successful, then in step 660 the login and access software application 475 sends a command to the login software application 100 to continue its operation and to send the user's encrypted public key/anonymous identifier and user identity confirmation data (if any) to the application server 140.
In step 670, the login and access software application 475 in the application server 140 receives the transmitted cryptographic public key/anonymous identifier and user identity confirmation data (if any) from the login software application 100 and causes the user registration software application 470 to create a new user in the user registration database 480.
In step 680, successful recording of the new user by the application server 140 results in the login and access software application 475 sending a command to the login software application 100, signaling that it can record the installation of the login software application 100 as successfully ended. The login software application 100 records the name of the application server 140 as the computer system that has confirmed the user's login operation and authenticates the login software application 100 with its personal computing device 110 as a login device. Only a login software application 100 that has been successfully installed to this point will be recognized by the login and access software application 475 in the application server 140 of interest that receives the incoming login request; if this fails, the application server 140 will not allow the login attempt.
In fig. 7, an example of logging into the application server 140 after successful installation of the login software application 100 in the user's personal computing device 110 by means of an anonymous identifier without a username or password is given in the form of a flow chart of the method of the present disclosure.
In step 700, the user runs his login software application 100 in his personal computing device 110 and is prompted to unlock the screen lock device previously defined in step 600.
In step 710, the login software application 100 in the personal computing device 110 tests the unlock input to the screen lock device and determines whether it is valid or invalid. The valid input will be an entered PIN that matches a PIN defined at the time of installation of the login software application 100, or a face or fingerprint of the user that is recognized by the biometric verification function of the personal computing device 110.
If the unlock input to the screen lock device is deemed invalid at step 715, the login software application 100 denies continued operation to the user. If it is deemed valid in step 720, continued operation is authorized and, in the case where there is more than one application allowing the user to log in, the user is allowed to select an application server 140 in the login software application 100 for logging in.
In step 730, a connection is established to the selected application server 140 and a login procedure is requested.
In step 740, the login and access software application 475 in the application server 140 tests whether the request is from a true copy and a valid installation of the login software application 100, and this is done by known cryptographic methods. To verify that the copy of the login software application 100 is legitimate, the login and access software application 475 may also query the commands sent to the login software application 100 in steps 660 and 670 and confirm that they exist and are the same as those originally issued.
If the test is unsuccessful, then at step 745, login and access software application 475 in application server 140 denies login access and sends a command to login software application 100 to terminate its operation. Identity details and other identification details of the login software application 100 and the personal computing device 110 may be recorded by the application server 140 in a security log file.
If the test is successful, then in step 750, the login and access software application 475 in the application server 140 authorizes the user login process to continue and sends a command to the login software application 100 so that it transmits the user's public key/anonymous identifier.
In step 760, the login and access software application 475 in the application server 140 receives the public key/anonymous identifier and searches its user registration database 480 for a matching anonymous identifier. In step 770, the login and access software application 475 in the application server 140 tests whether a match is found.
If a match is not found in step 775, the login and access software application 475 denies login access to the user's login software application 100. If a match is found in step 780, login and access software application 475 grants login access to the user's login software application 100. In step 790, a user session is started at the application server 140 using these or other software applications resident in the personal computing device 110 or the application server 140. When the user issues a log-out command in the login software application 100 or the application server 140, or if a preset timeout device in the login software application 100 or the login and access software application 475 is triggered after a given period of user inactivity, the user session is ended in step 795.
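The signing and verification of Figs. 5a to 5c, followed by the database match of steps 760 to 780, as an added Go example that is not code from the patent. ECDSA on P-256, the base64 encoding of the identifier, all type and function names, and the single-use server nonce bound into the login signature are assumptions; the nonce goes beyond the text, which signs only the identifier, and is there so that a signed message accepted once is not accepted a second time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
)

// Device is the login application's local state (hypothetical type).
type Device struct {
	priv *ecdsa.PrivateKey
	ID   string // anonymous identifier: base64 of the DER public key
}

// NewDevice generates the key pair; the public key doubles as the identifier.
func NewDevice() (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv, ID: base64.StdEncoding.EncodeToString(der)}, nil
}

// digest covers the identifier, a 0x00 separator and an optional nonce.
func digest(id string, nonce []byte) []byte {
	sum := sha256.Sum256(append([]byte(id+"\x00"), nonce...))
	return sum[:]
}

// Sign produces the digitally signed anonymous identifier message (Fig. 5a).
func (d *Device) Sign(nonce []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, d.priv, digest(d.ID, nonce))
}

// verify checks sig with the public key carried in the identifier (Fig. 5c).
func verify(id string, nonce, sig []byte) bool {
	der, err := base64.StdEncoding.DecodeString(id)
	if err != nil {
		return false
	}
	pub, _ := x509.ParsePKIXPublicKey(der) // nil on error, so the assertion fails
	key, ok := pub.(*ecdsa.PublicKey)
	return ok && ecdsa.VerifyASN1(key, digest(id, nonce), sig)
}

// Server stands in for application server 140 and registration database 480.
type Server struct {
	registered, nonces map[string]bool // known identifiers; unused nonces
}

func NewServer() *Server {
	return &Server{registered: map[string]bool{}, nonces: map[string]bool{}}
}

// Register records an identifier only if the sender proves possession of its key.
func (s *Server) Register(id string, sig []byte) bool {
	ok := verify(id, nil, sig)
	if ok {
		s.registered[id] = true
	}
	return ok
}

// Challenge issues a fresh single-use nonce (an addition, not in the patent).
func (s *Server) Challenge() ([]byte, error) {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		return nil, err
	}
	s.nonces[string(n)] = true
	return n, nil
}

// Login consumes the nonce, matches the identifier, then verifies the signature.
func (s *Server) Login(id string, nonce, sig []byte) bool {
	fresh := s.nonces[string(nonce)]
	delete(s.nonces, string(nonce))
	return fresh && s.registered[id] && verify(id, nonce, sig)
}

func main() {
	dev, err := NewDevice()
	if err != nil {
		panic(err)
	}
	srv := NewServer()
	reg, _ := dev.Sign(nil)
	nonce, _ := srv.Challenge()
	sig, _ := dev.Sign(nonce)
	fmt.Println(srv.Register(dev.ID, reg), srv.Login(dev.ID, nonce, sig), srv.Login(dev.ID, nonce, sig))
}
```

Because the identifier is the public key itself, the server needs no stored secret per user: the registration database holds only identifiers, and possession of the private key is what each request proves.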
The invention allows a user to securely log in to an application server by a single click or touch, wherein in a preferred embodiment of the invention no user name or memorable username is disclosed, no identity details are disclosed and no password exists, while the user is positively identified and authenticated only by the user's anonymous identifier.
It should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, this method of disclosure should not be interpreted as reflecting an intention that: the claimed invention requires more features than are expressly recited in each claim. Rather, inventive aspects lie in less than all features of a single foregoing disclosed embodiment, and each embodiment described herein can contain more than one inventive feature.
While the invention has been particularly shown and described with reference to embodiments thereof, it will be understood by those skilled in the art that various other changes in form and details may be made therein without departing from the spirit and scope of the invention.

Claims (10)

1. A method of performing a secure user login procedure in an application server, comprising:
a. the login software application 100 is downloaded and installed into the user's personal computing device 110 and an anonymous identifier is generated,
b. running the login software application 100 in the personal computing device 110, connecting to the application server 140 of interest, and sending the anonymous identifier of the user to the user registration software application 470,
c. the anonymous identifier of the user is received and recorded in a user registration database 480 of the application server 140 by means of the user registration software application 470,
d. receiving in the application server 140 a login or access request from the login software application 100 in the personal computing device 110, the request including an anonymous identifier of the user, verifying that the request is a known anonymous identifier and granting the user access to the application server 140 by means of a login and access software application 475,
wherein during a login procedure, the user does not disclose his identity in the form of a user-defined username, does not use a system password and performs the login procedure to gain access to the application server 140 by means of the login software application 100, the user is identified by the anonymous identifier and no manual or biometric login input is required from the user.
2. The method of claim 1, wherein the installation process of the login software application 100 comprises a user identity verification step comprising:
a. the user enters a name and a personal identifier in the login software application 100,
b. the login software application 100 sends the name and the personal identifier to the identity verification server 130,
c. the identity verification software application 370 in the identity verification server 130 matches the received data with the stored name and personal identifier,
d. upon obtaining a match, the identity verification software application 370 reads the known contact number or electronic address of the user's personal computing device 110 from the matching user's data,
e. the identity verification software application 370 sends a command to the matching known contact number or electronic address of the user's personal computing device 110, prompts the user for a confirmation response,
f. the user responds to a confirmation prompt in his personal computing device 110, the personal computing device 110 transmits the response to the identity verification software application 370 in the identity verification server 130,
g. upon receipt of the user confirmation, the identity verification software application 370 in the identity verification server 130 sends a command to the user's login software application 100 that the user identity has been confirmed and that the installation may be ended,
wherein the identity verification server 130 need only be contacted once by the user's login software application 100, and wherein the user identity verification software application 370 verifies the identity of the user and authenticates the login software application 100 with the personal computing device 110 as the user's login and access device.
3. The method of claim 1, wherein the anonymous identifier is a public key derived from a randomly generated private key in an asymmetric system, the public key having at least 10 characters, preferably more than 100 characters, and most preferably more than 1000 characters.
4. The method of claim 1, wherein the anonymous identifier is an arbitrarily randomly generated number of at least 10 characters, preferably more than 100 characters, and most preferably more than 1000 characters.
5. The method of claim 1, wherein the login or access request is a single user action in the login software application 100, such as a single click or single touch.
6. The method of claim 1, wherein receiving, by an application server 140, an incoming request for login originating from a login software application 100 is deemed valid and sufficient to grant user login access to the application server 140.
7. The method of claim 6, wherein the incoming login request received by the application server 140 is authenticated by the identity verification server 130 as being associated with a valid anonymous identifier.
8. A login device comprising a personal computing device 110, a login software application 100, and an anonymous identifier, wherein the login device transmits the anonymous identifier to a login and access software application 475 in an application server 140 and is identified by the login and access software application 475 as an authorized device to initiate a login process and be granted access, based only on the login and access software application 475 matching the received anonymous identifier with one of several stored anonymous identifiers recorded in a user registration database 480 of the application server 140.
9. At least one non-transitory machine-readable storage medium having instructions stored thereon, which when executed by the processor 240 in the personal computing device 110 and the processor 440 in the application server 140, cause the respective processors to:
a. download and install the login software application 100 into the user's personal computing device 110, and generate an anonymous identifier,
b. run the login software application 100 in the personal computing device 110, connect to the application server 140 of interest, and send the anonymous identifier of the user to its user registration software application 470,
c. receive and record the anonymous identifier of the user in a user registration database 480 of the application server 140 by means of the user registration software application 470,
d. receive in the application server 140 a login or access request from the login software application 100 in the personal computing device 110, the request including an anonymous identifier of the user, verify by means of the login and access software application 475 that the request is a known anonymous identifier, and grant the login software application 100 and the user access to the application server 140,
wherein during a login procedure, the user does not disclose his identity in the form of a user-defined username, does not use a system password and performs the login procedure to gain access to the application server 140 by means of the login software application 100; the user is identified by the anonymous identifier and no manual or biometric login input is required from the user.
10. At least one other non-transitory machine-readable storage medium having instructions stored thereon that, when executed by the processor 240 in the personal computing device 110 and the processor 340 in the identity verification server 130, cause the respective processors to:
a. accept a user action to enter a name and a personal identifier in the login software application 100 of the personal computing device 110,
b. transfer the name and personal identifier from the login software application 100 to the identity verification server 130,
c. in the identity verification server 130, match the received data with the stored name and personal identifier by means of the identity verification software 370,
d. upon obtaining a match, read the known contact number or electronic address of the user's personal computing device 110 from the matching user information by means of the identity verification software application 370,
e. send a command from the identity verification software application 370 in the identity verification server 130 to the known contact number or electronic address of the matching user's personal computing device 110, and prompt the user for a confirmation response,
f. when the user responds to a confirmation prompt in his login software application 100, transmit the response from the personal computing device 110 to the identity verification software application 370 in the identity verification server 130,
g. upon receiving the user confirmation response, transmit a command from the identity verification software application 370 to the user's login software application 100 that the user identity has been confirmed and that installation of the login software application 100 in the personal computing device may be ended,
wherein the identity verification server 130 is contacted only once by the user's login software application 100 and wherein the identity verification process authenticates the login software application 100 together with the personal computing device 110 as the user's login device.
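
The registration and login steps of claims 1 and 9, with the random identifier of claim 4, sketched as an added example that is not code from the patent or its applicant. The function and class names, the hex encoding and the SHA-256 digest kept in place of the raw identifier are assumptions made for illustration.

```python
import hashlib
import secrets

MIN_IDENTIFIER_CHARS = 10  # lower bound stated in claims 3 and 4


def generate_anonymous_identifier(n_chars: int = 128) -> str:
    """Claim 4 variant: a random identifier, here hex from the OS CSPRNG."""
    if n_chars < MIN_IDENTIFIER_CHARS:
        raise ValueError("identifier shorter than the claimed minimum")
    return secrets.token_hex((n_chars + 1) // 2)[:n_chars]


class ApplicationServer:
    """Stands in for application server 140 (applications 470 and 475, database 480)."""

    def __init__(self) -> None:
        self._registry: set = set()  # database 480; digests only (assumption)

    @staticmethod
    def _digest(identifier: str) -> bytes:
        # Assumption: keep a SHA-256 digest, so a leaked database does not
        # directly hand out identifiers that would be accepted at login.
        return hashlib.sha256(identifier.encode("utf-8")).digest()

    def register(self, identifier: str) -> bool:
        """Step c: record the identifier; refuse short or already-known values."""
        if len(identifier) < MIN_IDENTIFIER_CHARS:
            return False
        digest = self._digest(identifier)
        if digest in self._registry:
            return False
        self._registry.add(digest)
        return True

    def login(self, identifier: str) -> bool:
        """Step d: grant access only when the identifier is a known one."""
        if not isinstance(identifier, str) or len(identifier) < MIN_IDENTIFIER_CHARS:
            return False
        return self._digest(identifier) in self._registry


def demo() -> dict:
    server = ApplicationServer()
    device_id = generate_anonymous_identifier()  # step a, on the device
    return {
        "registered": server.register(device_id),  # steps b and c
        "login_known": server.login(device_id),    # step d
        "login_unknown": server.login(generate_anonymous_identifier()),
        "login_short": server.login("abc"),
        "re_register": server.register(device_id),
        "length": len(device_id),
    }
```

In this flow the identifier is the only credential presented at login, so its length and the secrecy of its storage and transport carry the whole authentication decision.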
CN202080027059.3A 2019-02-11 2020-02-11 Single click login process Pending CN113826095A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
PT115304A PT115304B (en) 2019-02-11 2019-02-11 ONE CLICK LOGIN PROCEDURE
PT115304 2019-02-11
PCT/EP2020/053478 WO2020165174A1 (en) 2019-02-11 2020-02-11 A one-click login procedure

Publications (1)

Publication Number Publication Date
CN113826095A true CN113826095A (en) 2021-12-21

Family

ID=69571997

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080027059.3A Pending CN113826095A (en) 2019-02-11 2020-02-11 Single click login process

Country Status (7)

Country Link
US (1) US20220141207A1 (en)
EP (1) EP3762843B1 (en)
JP (1) JP2022520226A (en)
CN (1) CN113826095A (en)
CA (1) CA3129629A1 (en)
PT (1) PT115304B (en)
WO (1) WO2020165174A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230297723A1 (en) * 2022-03-18 2023-09-21 Jpmorgan Chase Bank, N.A. System and method for password-less authentication through digital driving license
CN115442809B (en) * 2022-11-08 2023-01-31 北京紫光青藤微系统有限公司 Login method and device

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6711682B1 (en) * 2000-02-09 2004-03-23 Microsoft Corporation Online service registration system and method
US20100106512A1 (en) * 2008-10-28 2010-04-29 Arn Hyndman Managing user identity in computer generated virtual environments
US8954758B2 (en) 2011-12-20 2015-02-10 Nicolas LEOUTSARAKOS Password-less security and protection of online digital assets
US9009258B2 (en) * 2012-03-06 2015-04-14 Google Inc. Providing content to a user across multiple devices
US9887965B2 (en) * 2012-07-20 2018-02-06 Google Llc Method and system for browser identity
US20140372896A1 (en) * 2013-06-14 2014-12-18 Microsoft Corporation User-defined shortcuts for actions above the lock screen
US9264423B2 (en) 2014-06-12 2016-02-16 Nadapass, Inc. Password-less authentication system and method
US9769122B2 (en) * 2014-08-28 2017-09-19 Facebook, Inc. Anonymous single sign-on to third-party systems
US9628282B2 (en) * 2014-10-10 2017-04-18 Verizon Patent And Licensing Inc. Universal anonymous cross-site authentication
US9985949B2 (en) * 2016-01-25 2018-05-29 International Business Machines Corporation Secure assertion attribute for a federated log in
GB2547472A (en) * 2016-02-19 2017-08-23 Intercede Ltd Method and system for authentication
US11134071B2 (en) * 2018-04-23 2021-09-28 Oracle International Corporation Data exchange during multi factor authentication
US10924289B2 (en) * 2018-07-13 2021-02-16 Visa International Service Association Public-private key pair account login and key manager

Also Published As

Publication number Publication date
PT115304B (en) 2023-12-06
EP3762843A1 (en) 2021-01-13
JP2022520226A (en) 2022-03-29
US20220141207A1 (en) 2022-05-05
PT115304A (en) 2020-08-11
EP3762843B1 (en) 2023-10-11
CA3129629A1 (en) 2020-08-20
WO2020165174A1 (en) 2020-08-20
EP3762843C0 (en) 2023-10-11


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination